The Victorian Legislative Assembly Economy and Infrastructure Committee presented its final report on workplace surveillance. The report advocates for 18 reforms that enhance data privacy across all workplaces. The Office of the Victoria Information Commissioner stated that existing regulations are insufficient since the Privacy and Data Protection Act 2014 is limited to Victorian public sector organisations.
The current workplace surveillance regulations in Victoria lag behind rapid technological advancements and the increasing use of monitoring devices in professional environments. The Legislative Assembly Economy and Infrastructure Committee found that current regulations fail to protect workers’ privacy. The Surveillance Devices Act 1999 (Vic) feels outdated and too limited because it only addresses specific scenarios, like banning optical and listening surveillance in toilets, washrooms, change rooms and lactation rooms.
Victoria strengthens workplace privacy
- Principles-based, technology-neutral law: Employers must demonstrate the justification, essentiality, and balance of their surveillance practices. A department that introduces location tracking for field staff must provide a clear rationale for the necessity of GPS monitoring. It should emphasise its role in ensuring safety rather than merely overseeing productivity.
- Mandatory transparency: Before starting surveillance, provide at least 14 days’ written notice that outlines the purpose, scope and storage details. An agency must inform employees about the methods used to store data in cloud systems and identify who will have access to this information when it implements keystroke logging. This transparency reduces data silos and fosters greater trust among staff.
- Employee consultation and policy disclosure: Employees must engage in discussions before changes to surveillance practices occur, and the organisation must release a comprehensive workplace surveillance policy. This fosters collaboration between leadership and staff and secures support for security measures while upholding privacy standards.
- Limits on covert surveillance: Covert monitoring is strictly regulated and can only be conducted with a court order in instances where unlawful activity is suspected, under the oversight of an independent surveillance supervisor. This ensures that cybersecurity tools are not misused for general monitoring, directing their focus solely on verified security threats.
- Human oversight of AI-driven decisions: An appointed individual must review any automated decision based on workplace surveillance data that significantly impacts employment. When AI identifies an employee as having low productivity, a human must evaluate whether contextual elements like system downtime influenced this outcome in order to maintain fairness in the use of artificial intelligence.
- Privacy and Data Protection Act amendments: Enhance privacy safeguards for every employee, categorise biometric data as sensitive information, and establish a mandatory incident notification system. The study shows that if a cloud storage breach reveals facial recognition data, employers must inform impacted employees and enhance accountability in cybersecurity practices.
Check out: “Government enhances transaction data protection”
Victoria advances digital government
The proposed changes urge Victorian public sector agencies to reassess their approaches to data collection, storage, and utilisation in relation to all workplace monitoring practices. Agencies must enhance their data governance practices within their data infrastructure to ensure that surveillance activities are proportionate and clearly justified. To ensure staff understand the scope and purpose of monitoring, agencies must establish clear notification and consultation processes.
This includes documenting privacy impact assessments and outlining the retention of surveillance data in cloud storage and its sharing within and between agencies. The new incident notification scheme will significantly impact cybersecurity preparedness. It will require the creation of swift breach detection systems, internal reporting mechanisms and processes for notifying staff.
Expanding the definition of sensitive information to include biometric data means agencies will need to improve protections for facial recognition and fingerprint records in their systems. Agencies need to change their monitoring rules and make sure there is accountability for what algorithms produce by restricting hidden surveillance to only those cases that a court has approved and by requiring human review for decisions made by artificial intelligence. The upcoming changes will dismantle data silos by establishing formal collaboration among privacy, human resources and IT security teams.
The proposed reforms regarding workplace surveillance in Victoria represent a crucial advancement in protecting employee privacy while enhancing the efficiency of digital government operations. Legal surveillance must remain open, balanced, and under strict supervision. Responsibilities apply across all industries and include sensitive information like biometrics.
Public sector agencies can enhance compliance by integrating privacy impact assessments into their operational planning, bolstering cybersecurity response capabilities, and ensuring human oversight for decisions driven by AI. The future perspective shows a regulatory landscape where privacy integrates data governance, collection, and sharing practices to minimise the risks linked to cloud storage and data silos. These reforms will set a significant benchmark for privacy protection standards across Australia.
Public Spectrum is the first knowledge-sharing platform in Australia to embrace the entire public sector. This website is a platform where you can connect, collaborate, empower, inspire, and upskill with public sector professionals.
Latest
Popular